Changes for page Dependency-Track
Last modified by Milad Afshar-Jahanshahi on 2025/09/03 14:31
From version 26.1
edited by Milad Afshar-Jahanshahi
on 2025/09/03 09:16
on 2025/09/03 09:16
Change comment:
There is no comment for this version
To version 33.3
edited by Milad Afshar-Jahanshahi
on 2025/09/03 12:58
on 2025/09/03 12:58
Change comment:
There is no comment for this version
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -1,10 +1,12 @@ 1 - {{toc/}}1 +STILL UNDER CONSTRUCTION 2 2 3 3 [[image:logo-dependency-track.YzQAjtqS_Z2pMQkR.webp||alt="Grafana Icon Logo PNG vector in SVG, PDF, AI, CDR format" data-xwiki-image-style-alignment="end" height="52" width="190"]] 4 4 5 +{{toc/}} 6 + 5 5 = Introduction = 6 6 7 -Dependency-Track is an open-source softwarecompositionanalysis (SCA) tool. It creates and manages asoftwarebill ofmaterials (SBOM) for projects.The toolcontinuouslychecksdependencies for known vulnerabilities. Italso tracks license compliance of open-source components.Teams gainvisibility and controlover their software supplychain. Helps integratesecurity into DevOps/CI-CD pipelines efficiently.9 +Dependency-Track is an open-source Software Composition Analysis (SCA) tool that helps organizations manage and secure their software supply chain. It automatically generates and maintains a Software Bill of Materials (SBOM) for projects, continuously monitoring dependencies for known vulnerabilities. In addition, it tracks license compliance of open-source components, giving teams greater visibility and control. By integrating seamlessly into DevOps and CI/CD pipelines, Dependency-Track makes it easier to embed security throughout the development lifecycle. 8 8 9 9 [[Vendor Page>>https://dependencytrack.org/]] 10 10 ... ... @@ -18,6 +18,8 @@ 18 18 19 19 = Accessing Dependency-Track = 20 20 23 +Dependency-Track is integrated into the DevOps-as-a-Service toolchain, but for now it’s only offered in the Pilotkunden Preview. To get started, a few prerequisites need to be in place. 24 + 21 21 == Preconditions in DevOps portal to access Dependency-Track == 22 22 23 23 1. A Dependency-Track license must be assigned to the user ... ... @@ -26,12 +26,9 @@ 26 26 (% class="box warningmessage" %) 27 27 ((( 28 28 ⚠ **Note** 29 - Im Gegensatzzu anderenToolsist ein Loginnurdannmöglich,wennderUsereineLizenzhat und inmindestenseinemDepTrackProjekteine Rolle hat33 +Unlike other tools, login is only possible if the user has a valid license and is assigned a role in at least one Dependency-Track project. 30 30 ))) 31 31 32 - 33 - 34 - 35 35 After completing the preconditions, a project in Dependency-Track, which is part of the DevOps-as-a-Service toolchain, can be accessed via the DevOps Portal or directly through a URL. 36 36 37 37 == Via DevOps Portal == ... ... @@ -56,11 +56,15 @@ 56 56 57 57 58 58 59 -== Dependency-Track Jenkins Intera ction ==60 +== Dependency-Track Jenkins Integration == 60 60 61 - NursdcPipeline()wirdunterstützt,nurmaven(bisher),alles automatisch62 +When using sdcPipeline(), Maven projects automatically generate a Software Bill of Materials (SBOM) and are pushed to Dependency-Track. This process is fully automated through the provided pipeline library. 62 62 63 63 65 +== Collection Project und Unterprojekte == 66 + 67 +TODO 68 + 64 64 = Users, Projects and Roles = 65 65 66 66 * Projects, users and their roles in projects are managed in the DevOps Portal, the corresponding functions in Dependency-Track are disabled (UI and API)